HACKING MEDICAL DEVICES
BY JENNIFER GROSS
GROWTH OF MEDICAL TECHNOLOGIES
• Medical technologies and computer science continue to mesh
• Pacemakers
• Insulin Pumps
• Defibrillators
• Just as susceptible to hacks and bugs as any other form of technology.
BARNABY JACK
• Renowned white hat hacker for McAfee
• Hacked an insulin pump, delivering 300 units of insulin to a mannequin in a matter of seconds.
• Figured out how to hack pacemakers from up to 500 feet away
http://www.youtube.com/watch?v=YJ8PZeRwweA
FDA’S ROLE
• Responsible for evaluating all new medical devices and risks associated with them
• Seldom will examine new devices prior to them being surgically implanted unless:
• Repeated malfunctions
• Recalled
OTHER ORGANIZATIONS INVOLVED
• Centers for Medicare and Medicaid Services (CMS)
• Food and Drug Administration (FDA)
• Department of Health and Human Services (HHS)
• Department of Defense (DoD)
• Department of Veterans Affairs (VA)
• Department of Homeland Security (DHS)
POLITICS….
• Economics behind reporting devices with defects
• If a hospital were to file a report of an incident with one of the medical devices, the hospital is liable
• Disincentive for notification
• False sense of security
• Lack of preparedness for any cyber security issues
ENCRYPTION AND OTHER PROTECTIONS
• All models of the various medical devices have the capability to use the Advanced Encryption Standard (AES)
• Numerous backdoors to these devices
• Backdoor could “at least have it been embedded deep inside the ICD core”
LEGAL HELP?
• Product Liability
• Riegel v. Medtronic, Inc.
PROPOSED SOLUTION
• Software Freedom Law Center (SFLC)
• Publicly auditable source-code
OPTIONS
• Use the device, accepting the risks of what can happen
• Don’t use it at all